CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

Cvelist•added 2025/09/12 10:32 a.m.•5 views

CVE-2025-27233 Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...

5.7CVSS0.00043EPSS

Exploits0References1

CVE•added 2025/09/12 10:32 a.m.•16 views

CVE-2025-27233

CVE-2025-27233 affects the Zabbix Agent 2 smartctl plugin, where improper sanitization of parameters to the smart.disk.get command allows injecting unexpected arguments into smartctl. This is described as enabling leakage of the NTLMv2 hash from a Windows system. The provided connected sources co...

5.7CVSS6.4AI score0.00043EPSS

Exploits0References1

Vulnrichment•added 2025/09/12 10:32 a.m.•3 views

CVE-2025-27233 Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.

5.7CVSS6.4AI score0.00043EPSS

Exploits0References1

Debian CVE•added 2025/09/12 10:32 a.m.•3 views

CVE-2025-27233

5.7CVSS5.2AI score0.00043EPSS

Exploits0

Vulnrichment•added 2025/09/12 10:31 a.m.•2 views

CVE-2025-27234 Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution...

7.3CVSS7.7AI score0.00164EPSS

Exploits0References1

Debian CVE•added 2025/09/12 10:31 a.m.•4 views

CVE-2025-27234

7.3CVSS5.8AI score0.00164EPSS

Exploits0

Cvelist•added 2025/09/12 10:31 a.m.•7 views

CVE-2025-27234 Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.

7.3CVSS0.00164EPSS

Exploits0References1

RedhatCVE•added 2025/02/06 1:1 a.m.•7 views

CVE-2022-21810

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization...

7.8CVSS7.2AI score0.00351EPSS

Exploits1References1

Positive Technologies•added 2025/01/01 12:0 a.m.•3 views

PT-2025-37304

Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 versions 5.0 and earlier Description: The Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, potentially allowing an attacker to inject unexpected arguments into the smartctl command. This can...

7.7CVSS5.8AI score0.00164EPSS

Exploits0References15

Positive Technologies•added 2025/01/01 12:0 a.m.•3 views

PT-2025-37303

Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 affected versions not specified Description: The Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, which allows an attacker to inject unexpected arguments into the smartctl command. This can b...

7.5CVSS6.1AI score0.00104EPSS

Exploits0References22

Vulnrichment•added 2023/12/18 9:19 a.m.•13 views

CVE-2023-32728 Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

4.6CVSS7.8AI score0.00536EPSS

Exploits0References1

Cvelist•added 2023/12/18 9:19 a.m.•17 views

CVE-2023-32728 Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

4.6CVSS10AI score0.00536EPSS

Exploits0References1

Github Security Blog•added 2023/01/26 9:30 p.m.•26 views

Command injection in smartctl

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization...

7.8CVSS5.2AI score0.00351EPSS

Exploits1References5Affected Software1

OSV•added 2023/01/26 9:30 p.m.•14 views

GHSA-69F2-4375-QV9H Command injection in smartctl

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization...

7.8CVSS7.7AI score0.00351EPSS

Exploits1References4

NVD•added 2023/01/26 9:15 p.m.•6 views

CVE-2022-21810

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization...

7.8CVSS7.8AI score0.00351EPSS

Exploits1References2

OSV•added 2023/01/26 9:15 p.m.•1 views

CVE-2022-21810

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization...

7.8CVSS5.8AI score0.00351EPSS

Exploits1References2

CNNVD•added 2023/01/26 12:0 a.m.•3 views

smartctl 安全漏洞

smartctl is a command line application by Manuel B. Personal Developer. A security vulnerability exists in smartctl that stems from incorrect input cleanup, which can be exploited by an attacker to perform command injection via the info method...

7.8CVSS7.4AI score0.00351EPSS

Exploits1References3

CVE•added 2023/01/25 5:0 a.m.•47 views

CVE-2022-21810

The CVE-2022-21810 entry concerns the node package smartctl . The vulnerability is a command injection via the package’s info method caused by improper input sanitization. Affected software is the smartctl package (JavaScript/node module); impact is described as high (C, I, A all High) with local...

7.8CVSS7.8AI score0.00351EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2023/01/25 5:0 a.m.•3 views

CVE-2022-21810

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization...

7.4CVSS7.6AI score0.00351EPSS

Exploits1References2

Cvelist•added 2023/01/25 5:0 a.m.•14 views

CVE-2022-21810

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization...

7.4CVSS8.1AI score0.00351EPSS

Exploits1References2